# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

# NixOS module for the host "kusakabe": boot and ZFS layout, static
# networking on a bridge, and a libvirt/KVM hypervisor.
#
# `pkgs`, `rebuilder` and `config` are accepted as arguments but are not
# referenced anywhere in this file.
{ depot, lib, pkgs, rebuilder, config, ... }:
let
  # NOTE(review): `machineSecrets` is bound here but never used in this file.
  # Nix `let` bindings are lazy, so nothing is evaluated until it is
  # referenced. If it is used later, keep in mind that any value interpolated
  # into a NixOS option ends up in the world-readable Nix store; prefer
  # handing services a path to a file that is provisioned outside the store.
  inherit (depot.ops) secrets;
  machineSecrets = secrets.machineSpecific.kusakabe;
in {
  # Shared ZFS settings live in ../lib/zfs.nix (contents not visible here).
  imports = [
    ../lib/zfs.nix
  ];

  # Drivers the initrd may load to reach the root pool and a local keyboard:
  # SATA (ahci), USB host controllers (xhci/ehci), USB HID and SCSI disk.
  boot.initrd.availableKernelModules = [
    "ahci"
    "xhci_pci"
    "ehci_pci"
    "usbhid"
    "sd_mod" 
  ];
  # KVM on Intel CPUs; hardware acceleration for the libvirtd guests below.
  boot.kernelModules = [ "kvm-intel" ];

  # mkDefault sets a low-priority value that other modules may override.
  nix.maxJobs = lib.mkDefault 8;

  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";

  fileSystems = let
    # Builds a fileSystems entry for the ZFS dataset named `device`.
    zfs = device: {
      device = device;
      fsType = "zfs";
    };
  in {
    # NOTE(review): the local/ vs safe/ dataset split presumably separates
    # rebuildable state from data that must be snapshotted or backed up.
    # Confirm against the pool's snapshot/backup policy.
    "/" = zfs "tank/local/root";
    "/nix" = zfs "tank/local/nix";
    "/home" = zfs "tank/safe/home";

    # EFI system partition, located by filesystem label. Labels are not
    # guaranteed unique; a by-uuid path is less ambiguous if disks are added.
    "/boot" = {
      device = "/dev/disk/by-label/EFIBOOT";
      fsType = "vfat";
    };
  };

  # Use systemd-boot.
  # NOTE(review): `boot.loader.systemd-boot.editor` is not set in this file
  # and defaults to true in NixOS, which lets anyone with console access edit
  # the kernel command line at the boot menu. Consider setting it to false
  # unless an imported module already does so.
  boot.loader.systemd-boot.enable = true;
  # Lets the boot loader installer write EFI boot entries to firmware NVRAM.
  boot.loader.efi.canTouchEfiVariables = true;

  # Networking!
  networking = {
    hostName = "kusakabe";
    domain = "lukegb.com";
    # Host identifier required by the NixOS ZFS module; not a secret.
    hostId = "c6054536";

    # Google Public DNS over IPv6 and IPv4. Nothing in this file enables
    # DNSSEC validation or encrypted transport, so lookups leave the host as
    # plain DNS to a third-party resolver unless configured elsewhere.
    nameservers = [
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
      "8.8.8.8"
      "8.8.4.4"
    ];
    # Addressing is fully static; DHCP is disabled globally and per interface.
    useDHCP = false;
    defaultGateway = {
      address = "188.165.197.254";
      interface = "br-ext";
    };
    defaultGateway6 = {
      address = "2001:41d0:2:8eff:ff:ff:ff:ff";
      interface = "br-ext";
    };
    # The host's public addresses sit on the bridge rather than on eno1, so
    # guests attached to br-ext share the uplink's layer-2 segment.
    interfaces.br-ext = {
      useDHCP = false;
      ipv4.addresses = [{ address = "188.165.197.49"; prefixLength = 24; }];
      ipv6.addresses = [{ address = "2001:41d0:2:8e31::1"; prefixLength = 64; }];
      virtual = true;
    };
    bridges.br-ext.interfaces = [ "eno1" ];
    # Answers ICMP echo requests. `firewall.enable` is not set here, so the
    # NixOS default (enabled) applies unless another module changes it, and
    # this file opens no TCP/UDP ports.
    # NOTE(review): frames bridged to guests on br-ext are typically not
    # subject to the host's input rules, so guests need their own filtering.
    # Confirm.
    firewall.allowPing = true;
  };

  virtualisation.libvirtd = {
    enable = true;
    # Run QEMU processes as an unprivileged user instead of root, which
    # limits what a guest escape gains on the host.
    qemuRunAsRoot = false;
    # Bridges the QEMU bridge helper may attach guest NICs to; this file
    # lists only br-ext.
    allowedBridges = [ "br-ext" ];
  };
  # mkAfter appends this group after definitions made by other modules.
  # NOTE(review): membership in `libvirtd` gives control of the system
  # libvirt daemon (define/start guests, attach host devices and disks);
  # treat it as highly privileged and keep the member list short.
  users.users.lukegb.extraGroups = lib.mkAfter [ "libvirtd" ];

  # Pins defaults for stateful data to the release the host was installed
  # with; it is not the package version and should not be bumped casually.
  system.stateVersion = "20.03";
}